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DETAILED ACTION 

Claims 1-8, 10, 12, 14, 16, 18, and 20-31 are pending for examination. 
Claims 9, 1 1 , 1 3, 1 5, 1 7, 1 9, and 32 are cancelled. 
Claims 1-8, 10, 12, 14, 16, 18, and 20-31 are amended. 
Claims 1-8, 10, 12, 14, 16, 18, and 20-31 are rejected. 

Response to Arguments 

1 . Applicant's arguments with respect to claims have been considered but are moot 
in view of the new ground(s) of rejection. Applicant's arguments regarding newly added 
limitations are addressed below in view of new grounds of rejection and reference 
Birenback (US 6 594 704). 

Claim Rejections - 35 USC § 103 

2. The text of those sections of Title 35, U.S. Code not included in this action can 

be found in a prior Office action. 

3. Claims 10, 16, 20, 24, 28 rejected under 35 U.S.C. 103(a) as being unpatentable 
over US 2003/0204618, Foster et al, WO 99/14931 , Dalton et al, and US 6 594 704, 
Birenback et al. 

4. As per claim 1 0, Foster teaches a method of maintaining a routing table in a 
system that includes a packet forwarder and a packet control device, the packet 
forwarder including a plurality of network interfaces (Figure 2A, where each packet 
fonwarder has multiple connection interfaces), the packet control device including a 
plurality of network interface and a plurality of virtual interfaces each of the virtual 
interfaces having address information that is associated with one of the network 
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interfaces of the packet forwarder (paragraph [0029], where the virtual identifier 
translation table reflects the IP ports related to the virtual interfaces of the VPN), the 
method comprising: 

dividing the network interfaces of the packet control device and the virtual 
interfaces Into a plurality of groups (Figures 2B and 2C, where the virtual and real 
addresses are kept separately and routed accordingly); 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device In a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder Including the network Interface 
that Is associated with an address of the virtual Interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 



Application/Control Number: 1 0/781 ,792 Page 4 

Art Unit: 2444 

maintaining a routing table of each for the groups using a routing process 

associated with each of the groups (Figures 2B and 2C, where the virtual and 

real addresses are kept separately and routed accordingly). 
Foster does not expressly teach that the packet forwarder and the routing device are 
located in separate networked devices. Dalton teaches a routing engine wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the Invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet fonwarding system such as that taught by Foster. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device Is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. BIrenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 



Application/Control Number: 1 0/781 ,792 Page 5 

Art Unit: 2444 

a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 

corresponding to virtual routers, also column 4, lines 43-50, where the Integrated table 
contains prefix entries for routes indexed from VPN IDs, which are used In virtual 
routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback In a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as BIrenback's system improves the speed and efficiency of route lookups and packet 
fonwarding (column 2, lines 52-56). 

5. As per claim 1 6, Foster teaches a computer-readable storage for controlling a 
computer, comprising a computer program for maintaining a routing table (page 2, 
paragraph [0013], where the system is a software facility), the packet forwarder 
Including a plurality of network interfaces (Figure 2A, where each packet forwarder has 
multiple connection interfaces), the packet control device including a plurality of network 
interfaces and a plurality of virtual interfaces each of the virtual interfaces having 
address information that is associated with one of the network interfaces of the packet 
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forwarder (page 5, paragraph [0029], where the virtual identifier translation table reflects 
the IP ports related to the virtual interfaces of the VPN), the computer program including 
computer executable instructions which, when executed by the computer, cause the 
computer to perform: 

dividing the network interfaces of the packet control device and the virtual 
interfaces into a plurality of groups (Figures 2B and 2C, where the virtual and real 
addresses are kept separately and routed accordingly); 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 1 6-1 7, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 

virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 
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maintaining a routing table of each of tine groups using a routing process 

associated with each of the groups (Figures 2B and 2C, where the virtual and 

real addresses are kept separately and routed accordingly). 
Foster does not expressly teach that the packet forwarder and the routing device are 
located in separate networked devices. Dalton teaches a routing engine wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 
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a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 

corresponding to virtual routers, also column 4, lines 43-50, where the Integrated table 
contains prefix entries for routes indexed from VPN IDs, which are used In virtual 
routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback In a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as BIrenback's system improves the speed and efficiency of route lookups and packet 
fonwarding (column 2, lines 52-56). 

6. As per claim 20, Foster teaches a router control device (abstract, where the 
system processes received data for routing through a network) comprising: 

a virtual Interface setting unit that creates and manages virtual Interfaces on a 
router control device according to corresponding network interfaces of a 
fonwarder, each of the virtual interfaces having address information that is 
associated with one of the network interfaces of the forwarder (Page 5, 
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paragraph [0029], where the IFM maintains a virtual identifier table for each of its 
ports); 

a routing unit that generates a routing table for the forwarder based on routing 
information in routing information packets received at the network interface of the 
forwarder and transferred by the fonwarder to the router control device (Figures 
2B and 2C and accompanying description beginning page 5, paragraph [0032], 
where the device forms routing information tables according to the source and 
destination identifiers); 

a deciding unit that decides on, according to a routing protocol, a path to be 
selected based on information of the network interface and routing information 
which the packet control device exchanges with the other packet control device 
in a network (paragraphs 1 6-1 7, where the path for the packet to be sent may be 
determined dynamically by the network manager, and each device may be 
configured along the path to be notified of the virtual path); 
a registering unit that registers the path by the deciding to a routing table 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); and 

a routing information storage unit that stores a routing table created and 
managed by the routing unit for packet fonwarding between the virtual interfaces 
that are associated with an address of the virtual interface (Page 5, paragraph 
[0029], where each IFM contains a virtual identifier table for each of its ports). 
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Foster does not expressly teach that the packet forwarder and the routing device are 
located in separate networked devices. Dalton teaches a routing engine wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 

for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet fonwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 

a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
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corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
contains prefix entries for routes indexed from VPN IDs, which are used in virtual 
routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
fonwarding (column 2, lines 52-56). 

7. As per claim 24, Foster teaches a method of maintaining a routing table 

(abstract), comprising: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder, each of the virtual interfaces 
having address information that is associated with one of the network interfaces 
of the forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
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dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

generating a routing table for the forwarder based on routing information in 
routing information packets received at the network interface of the forwarder and 
transferred by the forwarder to the router control device (Figures 2B and 2C and 
accompanying description beginning page 5, paragraph [0032], where the device 
forms routing information tables according to the source and destination 
identifiers); and 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

storing a routing table created and managed by the routing unit for packet 
forwarding between the virtual interfaces (Page 5, paragraph [0029], where each 
IFM contains a virtual identifier table for each of its ports). 
Foster does not expressly teach that the packet forwarder and the routing device are 
located in separate networked devices. Dalton teaches a routing engine wherein: 
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the packet forwarder is connected to the pacl<et routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 

within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
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contains prefix entries for routes indexed from VPN IDs, which are used in virtual 
routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
fonwarding (column 2, lines 52-56). 

8. As per claim 28, Foster teaches a computer-readable storage for controlling a 
computer, comprising a computer program for maintaining a routing table (abstract), 
including computer executable instructions which, when executed by the computer, 
cause the computer to perform: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder, each of the virtual interfaces 
having address information that is associated with one of the network interfaces 
of the foHA/arder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
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(paragraphs 1 6-1 7, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

generating a routing table for the forwarder based on routing information in 
routing information packets received at the network interface of the fonwarder and 
transferred by the forwarder to the router control device (Figures 2B and 2C and 
accompanying description beginning page 5, paragraph [0032], where the device 
forms routing information tables according to the source and destination 
identifiers); and 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 

virtual path); and 

transmitting the packet to the packet fonwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 

virtual interfaces of the VPN); and 

storing a routing table created and managed by the routing unit for packet 
foHA/arding between the virtual interfaces (Page 5, paragraph [0029], where each 
IFM contains a virtual identifier table for each of its ports). 
Foster does not expressly teach that the packet forwarder and the routing device are 
located in separate networked devices. Dalton teaches a routing engine wherein: 
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the packet forwarder is connected to the pacl<et routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 

within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
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contains prefix entries for routes indexed from VPN IDs, which are used in virtual 
routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
fonwarding (column 2, lines 52-56). 

9. As per claim 32, Dalton teaches a method performed by a processor of 
controlling a router, comprising: 

connecting a router control device to a forwarder through a network (page 22, 
lines 1-23, where the routing engine processes and returns a request for route 
information to a packet routing device); 

creating and managing interfaces, each having address information that is 
associated with one of a plurality of network interfaces of the forwarder, on the 
router control device (page 22, lines 1-23, where the routing engine processes 
and returns a request for route information to a packet routing device); and 
outputting (page 22, lines 1 -23, where the routing engine processes and returns 
a request for route information to a packet routing device) 
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Dalton does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
a virtual interface that has address information associated with the network 
interface of the packet forwarder (page 5, paragraph [0029], where the virtual 
identifier translation table reflects the IP ports related to the virtual interfaces of 
the VPN); and 

deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 1 6-1 7, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 

virtual path); 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); 
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a transmitted packet reception unit that receives the routing information packet 

and that associates the routing information packet with the virtual interface 

(Figure 3, Virtual Identifier Translation Table 325). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the system of Dalton. 
Dalton generally teaches that the central routing authority oversees packet transfer over 
local gateways. One way of rerouting packets involves using virtual addresses, which 
simplify routing, as they allow a path to be reconfigured in a manner transparent to a 
source (Foster, page 3, paragraph [0019]). This would be beneficial in Dalton's system, 
as it would allow the central authority to work with another layer of security and 
simplicity, as well as the ability to work on various network types. 
Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
contains prefix entries for routes indexed from VPN IDs, which are used in virtual 
routing tables). 
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It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
fonwarding (column 2, lines 52-56). 

10. Claims 1-8, 12, 14, and 18 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US 2003/0204618, Foster et al, US 6 496 935, Fink et al, WO 
99/14931 , Dalton et al, and US 6 594 704, Birenback et al. 

11. As per claim 1 , Fink teaches a packet control system (abstract) comprising: 

a packet fonA/arder that transfers a packet received from a network interface to 

another network interface (Figure 1, pre-filtering module); and 

a packet control device that routes the packet using a routing process (Figure 1 , 

firewall 18, where the routing information is filter information), wherein 

the packet forwarder includes 

a received packet transfer unit that transmits to the packet control device a 
routing information packet received from the network interface (Column 6, 
line 65 to column 7, line 16, where the firewall receives the packet and 
determines whether the packet should be permitted to enter and/or leave 
the network), and wherein 
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the packet control device includes 

a transmitted packet reception unit that receives the routing information 

packet (Column 6, line 67, where the firewall inspects the packets, which 

thereby have been transferred from the pre-filtering module to the firewall), 

that associates the routing information packet with the interface (Column 

7, lines 2-4, where the firewall determines if the connection should be 

permitted to pass through the device interface), and that delivers the 

routing information packet to the routing process (Column 7, lines 1-4, 

where the analysis module performs the determination); and 

a transmitted packet transfer unit that receives the routing information 

packet sent by the routing process, and that transmits the routing 

information packet to the packet forwarder (Column 7, lines 17-21 , where 

the firewall passes the relevant instructions concerning the packet to the 

pre-filtering module). 

Fink does not teach a specific rule or routing scheme to use with the firewall, only 

references a general set of rules. Foster teaches a system that uses virtual identifiers to 

process data routed through a network wherein the packet control device includes: 

a virtual interface that has address information associated with the network 

interface of the packet forwarder (page 5, paragraph [0029], where the virtual 

identifier translation table reflects the IP ports related to the virtual interfaces of 

the VPN); and 
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deciding on, according to a routing protocol, a patli to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 1 6-1 7, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet fonwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

a transmitted packet reception unit that receives the routing information packet 
and that associates the routing information packet with the virtual interface 
(Figure 3, Virtual Identifier Translation Table 325). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 11). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
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allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 1 3- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 
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a first routing table (column 4, lines 17-24, where multiple tables may exist witliin 
a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
contains prefix entries for routes indexed from VPN IDs, which are used in virtual 

routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
forwarding (column 2, lines 52-56). 

1 2. As per claim 2, Fink teaches a packet control device which constructs a routing 
table for a packet forwarder controlled by the packet control device, using a routing 
process running on the packet control device, the packet control device comprising: 
a transmitted packet reception unit that receives the routing information packet 
transmitted from the packet forwarder (Column 6, line 67, where the firewall 
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inspects the packets, which thereby have been transferred from the pre-filtering 
module to the firewall), that associates the routing information packet with the 
interface corresponding to an incoming network interface of the packet fonwarder 
(Column 7, lines 2-4, where the firewall determines if the connection should be 
permitted to pass through the device interface), and that transmits the routing 
information packet to the routing process (Column 7, lines 1-4, where the 
analysis module performs the determination); and 

a transmitted packet transfer unit that receives the routing information packet 
sent by the routing process, and that transmits the routing Information packet to 
the packet forwarder (Column 7, lines 17-21 , where the firewall passes the 
relevant instructions concerning the packet to the pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual Identifiers to 
process data routed through a network wherein the packet control device Includes: 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device In a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 1 6-1 7, where 
the path for the packet to be sent may be determined dynamically by the network 
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manager, and each device may be configured along tlie path to be notified of the 
virtual path); and 

transmitting the packet to the packet fonwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

a virtual interface that has address information associated with the network 
interface of the packet forwarder (page 5, paragraph [0029], where the virtual 
identifier translation table reflects the IP ports related to the virtual interfaces of 
the VPN). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (column 7, line 11). One way of 
rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 
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the packet forwarder is connected to the pacl<et routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
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contains prefix entries for routes indexed from VPN IDs, which are used in virtual 
routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
fonwarding (column 2, lines 52-56). 

1 3. As per claim 3, Fink-Dalton-Foster-Birenback further teaches: 

a routing table transfer unit that acquires a routing table updated by the routing 
process, and that transmits the routing table to the packet forwarder (Fink, 
column 4, lines 51-55, where the firewall sends packet passage information to 
the pre-filtering module, which allows for fonwarding and routing by the 
fonwarder). 

14. As per claim 4, Fink teaches a packet control device which constructs a routing 
table for a packet forwarder controlled by the packet control device which determines an 
outgoing network interface of the packet received at an incoming network interface of 
the packet forwarder (column 5, lines 47-59, where the rule base establishes fonwarding 
rules for packets, permitting them to be fonwarded through to the output interface or 
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dropping tliem if they violate the rules of the rule base), the packet control device 
comprising: 

a plurality of network interfaces (column 7, lines 28-32, where the pre-filtering 
module features a plurality of network interfaces). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 

a plurality of virtual interfaces each having address information that is associated 
with one of the network interfaces of the packet fonwarder (page 7, paragraph 
[0044], where the computing device uses virtual identifiers when transmitting and 
receiving data communications), the network interfaces of the packet control 
device and the virtual interfaces being divided into a plurality of groups (page 5, 
paragraph [0029], where the virtual identifier translation table reflects the IP ports 
related to the virtual interfaces of the VPN), wherein 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 1 6-1 7, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 1 6-1 7, where 
the path for the packet to be sent may be determined dynamically by the network 
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manager, and each device may be configured along tlie path to be notified of the 
virtual path); and 

transmitting the packet to the packet fonwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

the packet control device routes the packet using a routing process associated 
with each of the groups considering interfaces belongs to the groups to create a 
dedicated routing table for each, the each of the groups corresponds to a 
separate device (Figures 2B and 2C, where the virtual and real addresses are 
kept separately and routed accordingly). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (column 7, line 11). One way of 
rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 
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Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet fonwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 
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the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
contains prefix entries for routes indexed from VPN IDs, which are used in virtual 

routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
forwarding (column 2, lines 52-56). 

1 5. As per claim 5, Fink-Dalton-Foster-Birenback further teaches wherein the virtual 
interfaces are grouped for each packet forwarder, and the packet control device 
maintains routing tables using a routing process associated with each of the virtual 
interfaces grouped (Foster, Figures 2B and 2C, where each table uses different routing 
processes to make connections). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include separate routing tables for virtual and real addresses. Fink teaches that the 
analysis module of the firewall determines actions to take with the packet, including that 
of rewriting address fields (column 7, line 11). One way of rewriting addresses involves 
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using virtual addresses, which simplify routing, as they allow a path to be reconfigured 
in a manner transparent to a source (Foster, page 3, paragraph [001 9]). This would be 
beneficial in Fink's system, as it would allow the firewall to work with another layer of 
security and simplicity, as well as the ability to work on various network types. 
1 6. As per claim 6, Fink teaches a packet forwarder which forwards a packet from its 
network interface to its other network interface according to its routing table that makes 
a destination address of a packet associate with a next transfer destination (Column 5, 
lines 51-54, where the system routes according to filtering rules), comprising a received 
packet transfer unit that transmits a routing information packet received at the network 
interface to a packet control device that maintains the routing table of the packet 
fonwarder using a routing process that generates the routing table based on routing 
information no the packet received at the network interface (column 9, lines 1-16, where 
the pre-filtering module receives packets from an external source, such as a MAC 
interface, and forwards the packet to the firewall through the firewall interface). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
a virtual interface that has address information associated with the network 
interface of the packet forwarder (page 5, paragraph [0029], where the virtual 
identifier translation table reflects the IP ports related to the virtual interfaces of 
the VPN); and 
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deciding on, according to a routing protocol, a patli to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 1 6-1 7, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet fonwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

a transmitted packet reception unit that receives the routing information packet 
and that associates the routing information packet with the virtual interface 
(Figure 3, Virtual Identifier Translation Table 325). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 11). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
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allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet fonwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 1 3- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 



Application/Control Number: 1 0/781 ,792 Page 36 

Art Unit: 2444 

a first routing table (column 4, lines 17-24, where multiple tables may exist witliin 
a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
contains prefix entries for routes indexed from VPN IDs, which are used in virtual 

routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
forwarding (column 2, lines 52-56). 

1 7. As per claim 7, Fink-Dalton-Foster-Birenback further teaches a routing table 
setting unit that receives the routing table from the packet control device, and that sets 
the routing table to the packet forwarder (Fink, Column 7, line 62 through column 8, line 
3, where the pre-filtering module contains a connection database which stores in its 
memory instructions from the firewall). 
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1 8. As per claim 8, Fink teaclies a method of maintaining a routing table using a 
routing process (abstract, where the pre-filtering module performs a limited set of 
actions with packets previously permitted by the firewall), the method comprising: 
receiving a routing information packet which is received by a packet fonwarder 
(column 8, lines 12-15, where the pre-filtering module sends information to the 
firewall for processing); 

delivering the routing information packet to the routing process (column 6, line 65 
through column 7, line 3, where the firewall passes the packet to the analysis 
module for determination of whether the packet is allowed); 
receiving the routing information packet sent by the routing process (column 7, 
lines 17-21 , where the firewall fonwards the relevant instructions to the pre- 
filtering module, inherently receiving them from the analysis module for 
forwarding); and 

transmitting the routing information packet to the packet fonwarder for 
transmitting from its network interface (column 7, lines 17-21 , where the firewall 
fonwards the relevant instructions for the packet to the pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
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(paragraphs 1 6-1 7, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 1 6-1 7, where 

the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 

that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

associating the routing information packet with a virtual interface that has 
address information associated with a network interface of the packet forwarder 
(page 5, paragraph [0029], where the virtual identifier translation table reflects 
the IP ports related to the virtual interfaces of the VPN). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 11). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
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firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 

wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 
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a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 

corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
contains prefix entries for routes indexed from VPN IDs, which are used in virtual 
routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
fonwarding (column 2, lines 52-56). 

1 9. As per claim 1 2, Fink teaches a method of maintaining a routing table of a packet 
fonwarder (Column 7, line 62 through column 8, line 3, where the pre-filtering module 
contains a connection database which stores in its memory instructions from the 
firewall), the method comprising: 

receiving a routing information packet from a network interface of a packet 
fonwarder (Figure 1 , where packets enter and leave the gateway through network 
interfaces before they are processed by the pre-filtering module and the firewall, 
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also column 9, lines 1-16, where the pre-filtering module receives packets from 
an external source); and 

transferring the routing information packet to a packet control device, wherein the 
routing table makes a destination address of a packet associate with a next 
transfer destination (Column 6, line 65 to column 7, line 16, where the firewall 
receives the packet and determines whether the packet should be permitted to 
enter and/or leave the network, also column 9, lines 1-16, where the pre-filtering 
module receives packets from an external source and forwards the packet to the 
firewall through the firewall interface). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 1 6-1 7, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 
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transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

associating the routing information packet with a virtual interface that has 
address information associated with a network interface of the packet forwarder 
(page 5, paragraph [0029], where the virtual identifier translation table reflects 
the IP ports related to the virtual interfaces of the VPN). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 11). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 
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the packet forwarder is connected to the pacl<et routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
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contains prefix entries for routes indexed from VPN IDs, which are used in virtual 
routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
fonwarding (column 2, lines 52-56). 

20. As per claim 1 4, Fink teaches a computer-readable storage for controlling a 
computer, comprising a computer program for routing a packet using a routing process, 
including computer executable instructions which, when executed by the computer 
(Column 3, line 63 through column 4, line 6, where the method can be implemented as 
software), cause the computer to perform: 

receiving a routing information packet from a network interface of a packet 
foHA/arder (Figure 1 , where packets enter and leave the gateway through network 
interfaces before they are processed by the pre-filtering module and the firewall); 
transmitting the routing information packet to a packet control device (Column 6, 
line 65 to column 7, line 16, where the firewall receives the packet and 
determines whether the packet should be permitted to enter and/or leave the 
network); 
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receiving tlie routing information pacl<et from tfie packet forwarder (Figure 3, step 
4b, where the packet is received by firewall from pre-filtering module); 
transmitting the routing information packet to the routing process (column 6, line 
65 through column 7, line 3, where the firewall passes the packet to the analysis 
module for determination of whether the packet is allowed); 
receiving the routing information packet transmitted from the routing process 
(column 7, lines 17-21 , where the firewall fonwards the relevant instructions to the 
pre-filtering module, inherently receiving them from the analysis module for 
forwarding); and 

transmitting the routing information packet to the packet forwarder (column 7, 
lines 17-21 , where the firewall fonwards the relevant instructions for the packet to 
the pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 
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registering the path by the deciding to a routing table (paragraphs 1 6-1 7, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

associating the routing information packet with a virtual interface that has 
address information associated with the network interface (page 5, paragraph 
[0029], where the virtual identifier translation table reflects the IP ports related to 
the virtual interfaces of the VPN). 
It would have been obvious to one of ordinary skill In the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 11). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 
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Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet fonwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 
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the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
contains prefix entries for routes indexed from VPN IDs, which are used in virtual 

routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
forwarding (column 2, lines 52-56). 

21 . As per claim 1 8, Fink teaches a computer-readable storage for controlling a 
computer, comprising computer program for maintaining a routing table of a packet 
fonwarder, including computer executable instructions which, when executed by the 
computer (Column 3, line 63 through column 4, line 6, where the method can be 
implemented as software), cause the computer to perform: 

receiving a routing information packet from a network interface of the packet 
forwarder (Figure 1 , where packets enter and leave the gateway through network 
interfaces before they are processed by the pre-filtering module and the firewall. 
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also column 9, lines 1-16, where the pre-filtering module receives packets from 
an external source); and 

transferring the routing information packet to the packet control device, wherein 
the routing table makes a destination address of a packet associate with a next 
transfer destination (Column 6, line 65 to column 7, line 16, where the firewall 
receives the packet and determines whether the packet should be permitted to 
enter and/or leave the network, also column 9, lines 1-16, where the pre-filtering 
module receives packets from an external source and forwards the packet to the 
firewall through the firewall interface). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 1 6-1 7, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 
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transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

associating the routing information packet with a virtual interface that has 
address information associated with the network interface (page 5, paragraph 
[0029], where the virtual identifier translation table reflects the IP ports related to 
the virtual interfaces of the VPN). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 11). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 
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the packet forwarder is connected to the pacl<et routing control device through a 
network (page 22, lines 1 -23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
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contains prefix entries for routes indexed from VPN IDs, which are used in virtual 
routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
fonwarding (column 2, lines 52-56). 

22. Claims 21-23, 25-27, and 29-31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US 2003/0204618, Foster et al, WO 99/14931 , Dalton et al, and US 6 
594 704, Birenback et al as applied to claims 20, 24, and 28 above, and further in view 
of US 6 272 522, Lin et al. 

23. As per claim 21 , neither Foster, Dalton, nor Birenback expressly teaches a 
specific method of generating or updating the routing tables for his system. Lin teaches 
a method of routing within a packet switching system comprising: 

a tunnel transfer unit that transfers the routing information packet via a 
communication path that connects between the network interface and the virtual 
interface (Column 10, lines 17-42, where the packet is sent from the network 
interface of the switching processor to the virtual interface of the control 
processor), wherein 
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the routing information storage unit stores the routing information in the routing 
information packet transferred by the tunnel transfer unit (Column 6, lines 43-54, 
where the raw load data is sent to the master module to determine the new load 
balancing), and 

the routing unit generates the routing table for the forwarder based on the routing 
information stored in the routing information storage unit (Column 6, lines 4-6, 
where the control processor writes the new load balancing information into the 
shared memory for use by the switching processor). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

24. As per claim 22, neither Foster, Dalton, nor Birenback expressly teaches a 
specific method of generating or updating the routing tables for his system. Lin teaches 
a method of routing within a packet switching system comprising: 

a routing table transmission unit that acquires the routing table and that transmits 
the routing table to the forwarder (Column 6, lines 4-6, where the distribution data 
is written into the shared memory for use by the switching processor), wherein 
the routing unit generates the routing table for the forwarder based on the routing 
information stored in the routing information storage unit (Column 6, lines 55-60, 
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where the switching processor accesses the routing table stored in the shared 
memory). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

25. As per claim 23, Lin teaches a router control system which includes a forwarder 
and a router control device (Figure 1 , pre-filtering module and firewall), wherein 
the router control device includes 

a tunnel transfer unit that transfers the routing information packet via a 
communication path that connects between the network interface and the 
virtual interface (Column 10, lines 17-42, where the packet is sent from the 
network interface of the switching processor to the virtual interface of the 
control processor); 

a routing unit that generates the routing table for the forwarder based on 
the routing information stored in the routing information storage unit 
(Column 2, line 66, through column 3, line 3, where the control processor 
server to generate configuration information for the switching processors); 
and 
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the routing table transmission unit that acquires the routing table, and transmits 
the routing table to the forwarder (Column 6, lines 4-6, where the distribution data 
is written into the shared memory for use by the switching processor), and 
the forwarder forwards a packet from its network interface to its other network 
interface according to its routing table (abstract, where the switching processors 
route received packets through to an external network), and includes a received 
packet transfer unit that transmits a routing information packet received at the 
network interface to the router control device that maintains the routing table of 
the forwarder using a routing process (Column 6, lines 43-54, where the raw load 
data is sent to the control processor, and after the data is processed, it is written 
into shared memory and used by the switching processors (Column 6, lines 4-6)). 
Lin does not teach a virtual interface method for use with his routing system. Foster 
teaches a system that routes packets using virtual identifier, where the router control 
device includes: 

a virtual interface setting unit that that creates and manages virtual 
interfaces on a router control device according to corresponding network 

interfaces of a forwarder, each of the virtual interfaces having address 
information that is associated with one of the network interfaces of the 
forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

a deciding unit for deciding on, according to a routing protocol, a path to 
be selected based on information of the network interface and routing 
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information whicli the pacl^et control device exchanges with the other 
packet control device in a network (paragraphs 16-17, where the path for 
the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified 

of the virtual path); 

a registering unit for registering the path by the deciding to a routing table 
(paragraphs 16-17, where the path for the packet to be sent may be 
determined dynamically by the network manager, and each device may be 
configured along the path to be notified of the virtual path); and 
a transmitting unit for transmitting the packet to the packet forwarder 
including the network interface that is associated with an address of the 
virtual interface (paragraph [0029], where the virtual identifier translation 
table reflects the IP ports related to the virtual interfaces of the VPN); and 
a routing information storage unit that stores routing information in the 
routing information packet transferred by the tunnel transfer unit (Page 5, 
paragraph [0029], where each IFM contains a virtual identifier table for 
each of its ports). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to use a virtual addressing method such as that taught by Foster in the system 
disclosed by Lin. Lin's system effectively reroutes packets, regardless of the packet 
type. Foster's virtual identifier method would simplify routing, as it allows a path to be 
reconfigured in a manner transparent to a source (Foster, page 3, paragraph [0019]). 
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This would be beneficial in Lin's system, as it would allow the routing table to work with 
virtual as well as physical addresses, making it more versatile. 
Neither Foster nor Lin expressly teaches that the packet fonwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 

wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1 -23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 
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a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 

corresponding to virtual routers, also column 4, lines 43-50, where the Integrated table 
contains prefix entries for routes indexed from VPN IDs, which are used In virtual 
routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback In a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as BIrenback's system improves the speed and efficiency of route lookups and packet 
fonwarding (column 2, lines 52-56). 

26. As per claim 25, neither Foster, Dalton, nor Birenback expressly teaches a 
specific method of generating or updating the routing tables for his system. Lin teaches 
a method of routing within a packet switching system comprising: 

transferring the routing information packet via a communication path that 
connects between the network interface and the virtual interface (Column 1 0, 
lines 17-42, where the packet is sent from the network interface of the switching 
processor to the virtual interface of the control processor), wherein 
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the storing includes storing the routing information in the routing 
information pacl<et transferred by the tunnel transfer unit (Column 6, lines 
43-54, where the raw load data is sent to the master module to determine 
the new load balancing), and 

the generating includes generating the routing table for the forwarder 
based on the routing information stored (Column 6, lines 4-6, where the 
control processor writes the new load balancing information into the 
shared memory for use by the switching processor). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

27. As per claim 26, neither Foster, Dalton, nor Birenback expressly teaches a 
specific method of generating or updating the routing tables for his system. Lin teaches 
a method of routing within a packet switching system comprising: 

acquiring the routing table (Column 6, lines 4-6, where the distribution data is 
written into the shared memory for use by the switching processor); and 
transmitting the routing table to the forwarder (Column 6, lines 4-6, where the 
distribution data is written into the shared memory for use by the switching 
processor), wherein 
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the generating includes generating the routing table for the forwarder based on 
the routing information stored (Column 6, lines 55-60, where the switching 
processor accesses the routing table stored in the shared memory). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

28. As per claim 27, Lin teaches a method of maintaining a routing table (Figure 1 , 

pre-filtering module and firewall), comprising: 

transferring the routing information packet by tunneling via a communication path 
that connects between the network interface and the virtual interface (Column 10, 
lines 17-42, where the packet is sent from the network interface of the switching 
processor to the virtual interface of the control processor); 
generating a routing table for the forwarder based on the routing information 
stored (Column 2, line 66, through column 3, line 3, where the control processor 
server to generate configuration information for the switching processors); 
acquiring the routing table (Column 6, lines 4-6, where the distribution data is 
written into the shared memory for use by the switching processor); 
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transmitting the routing table to the forwarder (Column 6, lines 4-6, where the 
distribution data is written into the shared memory for use by the switching 
processor); 

fonwarding a packet from a network interface of the forwarder to other network 

interface of the forwarder according to a routing table of the forwarder (abstract, 
where the switching processors route received packets through to an external 
network); and 

transmitting a routing information packet received at the network interface of the 
fonwarder to the router control device that maintains the routing table of the 
fonwarder using a routing process (Column 6, lines 43-54, where the raw load 
data is sent to the control processor, and after the data is processed, it is written 
into shared memory and used by the switching processors (Column 6, lines 4-6)). 
Lin does not teach a virtual interface method for use with his routing system. Foster 
teaches a system that routes packets using virtual identifier, where the router control 
device includes: 

creating and managing virtual interfaces on a router control device according to 

corresponding network interfaces of a forwarder, each of the virtual interfaces 
having address information that is associated with one of the network interfaces 
of the forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
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control device exclianges with the other pacl<et control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

storing routing information on the routing information in the routing information 
packet transferred (Page 5, paragraph [0029], where each IFM contains a virtual 
identifier table for each of its ports). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to use a virtual addressing method such as that taught by Foster in the system 
disclosed by Lin. Lin's system effectively reroutes packets, regardless of the packet 
type. Foster's virtual identifier method would simplify routing, as it allows a path to be 
reconfigured in a manner transparent to a source (Foster, page 3, paragraph [0019]). 
This would be beneficial in Lin's system, as it would allow the routing table to work with 
virtual as well as physical addresses, making it more versatile. 
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Neither Foster nor Lin expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet fonwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 1 3- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 

a first routing table (column 4, lines 17-24, where multiple tables may exist within 
a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 
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the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
contains prefix entries for routes indexed from VPN IDs, which are used in virtual 

routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
forwarding (column 2, lines 52-56). 

29. As per claim 29, neither Foster, Dalton, nor Birenback expressly teaches a 
specific method of generating or updating the routing tables for his system. Lin teaches 
a method of routing within a packet switching system wherein: 

instructions further cause the computer to perform transferring the routing 
information packet via a communication path that connects between the network 
interface and the virtual interface (Column 10, lines 17-42, where the packet is 
sent from the network interface of the switching processor to the virtual interface 
of the control processor), wherein 
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the storing includes storing the routing information in the routing information 
packet transferred by the tunnel transfer unit (Column 6, lines 43-54, where the 
raw load data is sent to the master module to determine the new load balancing), 
and 

the generating includes generating the routing table for the forwarder based on 
the routing information stored (Column 6, lines 4-6, where the control processor 
writes the new load balancing information into the shared memory for use by the 
switching processor). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

30. As per claim 30, neither Foster, Dalton, nor Birenback expressly teaches a 
specific method of generating or updating the routing tables for his system. Lin teaches 
a method of routing within a packet switching system wherein: 
the instructions further cause the computer to perform: 

acquiring the routing table (Column 6, lines 4-6, where the distribution 
data is written into the shared memory for use by the switching processor); 
and 
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transmitting tine routing table to tine fonwarder (Column 6, lines 4-6, where 
the distribution data is written into the shared memory for use by the 
switching processor), wherein 

the generating includes generating the routing table for the fonwarder 

based on the routing information stored (Column 6, lines 55-60, where the 
switching processor accesses the routing table stored in the shared 
memory). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

31 . As per claim 31 , Lin teaches a computer-readable storage for controlling a 
computer, comprising a computer program for maintaining a routing table, including 
computer executable instructions stored on a computer readable medium, wherein the 
instructions, when executed by the computer, cause the computer to perform: 

transferring a routing information packet by tunneling via a communication path 
that connects between the network interface and the virtual interface (Column 10, 
lines 17-42, where the packet is sent from the network interface of the switching 
processor to the virtual interface of the control processor); 
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generating a routing table for tlie forwarder based on tlie routing information 
stored (Column 2, line 66, through column 3, line 3, where the control processor 
server to generate configuration information for the switching processors); 
acquiring the routing table (Column 6, lines 4-6, where the distribution data is 
written into the shared memory for use by the switching processor); 
transmitting the routing table to the forwarder (Column 6, lines 4-6, where the 
distribution data is written into the shared memory for use by the switching 
processor); 

forwarding a packet from a network interface of the forwarder to another network 
interface of the forwarder according to a routing table of the forwarder (abstract, 
where the switching processors route received packets through to an external 
network); and 

transmitting a routing information packet received at the network interface of the 
forwarder to the router control device that maintains the routing table of the 
fonwarder using a routing process (Column 6, lines 43-54, where the raw load 
data is sent to the control processor, and after the data is processed, it is written 
into shared memory and used by the switching processors (Column 6, lines 4-6)). 
Lin does not teach a virtual interface method for use with his routing system. Foster 
teaches a system that routes packets using virtual identifier, where the router control 
device includes: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder, each of the virtual interfaces 
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having address information tliat is associated with one of the network interfaces 
of the forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 

virtual path); and 

transmitting the packet to the packet fonwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 

virtual interfaces of the VPN); and 

storing routing information on the routing information in the routing information 
packet transferred (Page 5, paragraph [0029], where each IFM contains a virtual 
identifier table for each of its ports); 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to use a virtual addressing method such as that taught by Foster in the system 
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disclosed by Lin. Lin's system effectively reroutes packets, regardless of the packet 
type. Foster's virtual identifier method would simplify routing, as it allows a path to be 
reconfigured in a manner transparent to a source (Foster, page 3, paragraph [0019]). 
This would be beneficial in Lin's system, as it would allow the routing table to work with 
virtual as well as physical addresses, making it more versatile. 
Neither Foster nor Lin expressly teaches that the packet fonwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet fonwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 1 3- 
23). 

Neither Foster nor Dalton expressly teaches utilizing two routing tables. Birenback 
teaches a method of managing multiple VPNs within a device comprising: 



Application/Control Number: 1 0/781 ,792 Page 70 

Art Unit: 2444 

a first routing table (column 4, lines 17-24, where multiple tables may exist witliin 
a router); 

a second routing table (column 4, lines 17-24, where multiple tables may exist 
within a router); 

the first routing table is updated based on a routing information on the second 
routing table (column 5, lines 3-7, where entries may be added to routing tables 
corresponding to virtual routers, also column 4, lines 43-50, where the integrated table 
contains prefix entries for routes indexed from VPN IDs, which are used in virtual 

routing tables). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize multiple routing tables such as taught by Birenback in a routing system such as 
that taught by either Dalton or Foster. Foster's system allows a packet forwarder to 
create virtual channels for a packet to travel through a network. Dalton teaches a 
routing system with a central authority for routing packets. Either system would benefit 
from utilizing multiple routing tables, along with pointers, such as taught by Birenback, 
as Birenback's system improves the speed and efficiency of route lookups and packet 
fonwarding (column 2, lines 52-56). 

Conclusion 

32. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 
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Examiner would like to make some suggestions for expediting prosecution of 
application: 

33. In independent claims, examiner recommends further defining the first and 
second routing tables and their relationship to each other and within the system. As 
presented, the first and second routing tables are presented to exist within the system, 
but their separate functions are not well defined. These, along with any other applicant 
clarifications, may help expedite prosecution, as they would help differentiate from prior 
art by more clearly defining the relationship and function of the two separate routing 
tables existing within the device. 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to THOMAS RICHARDSON whose telephone number is 
(571) 270-1 191 . The examiner can normally be reached on Monday through Thursday, 
1 1 am-6pm EST. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Vaughn can be reached on (571) 272-3922. The fax phone number 
for the organization where this application or proceeding is assigned is 571 -273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

TR 

/William C. Vaughn, Jr./ 

Supervisory Patent Examiner, Art Unit 2444 



